[CVSS 9+] Industrial Control Systems Advisories from CISA

Executive Summary

The Cybersecurity and Infrastructure Security Agency (CISA) has released three advisories regarding vulnerabilities in industrial control systems.

  • ICSA-23-271-01: This advisory is about a vulnerability affecting Rockwell Automation's PanelView 800. The vulnerability, with a CVSS of 9.8, is related to improper input validation.
  • ICSA-23-271-02: This advisory is about multiple vulnerabilities affecting DEXMA's DexGate. It includes the following vulnerabilities: Cross-Site Scripting, Cross-Site Request Forgery, Improper Authentication, Cleartext Transmission of Sensitive Information, and Exposure of Sensitive Information to an Unauthorised Actor. The vulnerability with the highest CVSS has a score of 8.0.
  • ICSA-23-143-02: This advisory is an update on multiple vulnerabilities affecting Hitachi Energy's RTU500 Series Product. The following vulnerabilities are covered: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, and Classic Buffer Overflow. The vulnerability with the highest CVSS has a score of 9.8.

Organisations are encouraged to follow recommended practices and report any suspicious activity to CISA.

Please see below a summary of each CISA advisory.

ICSA-23-271-01

Vulnerability Information:

Affected Products: Several versions of the PanelView 800.

Vulnerability Overview: The vulnerability (CWE-20) exists in a third-party component, potentially leading to sensitive information exposure, data alteration, or denial of service. CVE-2017-12652 has been assigned to this vulnerability with a CVSS of 9.8.

Risk Evaluation: Exploiting this vulnerability could lead to sensitive information disclosure, data modification, or denial-of-service attacks.

Mitigations:

  • Customers are encouraged to apply risk mitigations and update to version 6.011 or later.
  • Implement security best practices recommended by Rockwell Automation.
  • CISA advises minimizing network exposure, using firewalls, and secure remote access methods such as VPNs.
  • Proper impact analysis and risk assessment are recommended before deploying defensive measures.
  • Additional cybersecurity strategies for proactive defense are encouraged.
  • Organizations observing suspicious activity should report findings to CISA.

Sector-wise Impact:

  • Critical Infrastructure Sectors: Energy, Water and Wastewater, Telecommunications.
  • Deployment: Worldwide.

No known public exploitation of this vulnerability has been reported to CISA at the time of this advisory.

ICSA-23-271-02

Vulnerability Information:

Affected Products: DEXGate Version 20130114

Vulnerability Overview:

  • Improper Authentication (CVE-2023-4108): With a CVSS score of 8.0, it allows an attacker to impersonate a legitimate user by exploiting the cookie header.
  • Cleartext Transmission of Sensitive Information (CVE-2023-41088): With a CVSS score of 6.3, it allows an attacker to capture network traffic.
  • Cross-Site Scripting (CVE-2023-40153): With a CVSS score of 5.4, it allows an attacker to inject arbitrary JavaScript into the web application.
  • Exposure of Sensitive Information to an Unauthorised Actor (CVE-2023-42666): With a CVSS score of 5.3, it allows malicious requests to obtain information about the web server used.
  • Cross-Site Request Forgery (CVE-2023-42435): May enable an attacker to perform actions with a victim user’s permissions. CVSS is not known as of today.

Risk Evaluation: Successful exploitation of these vulnerabilities could result in the attacker impersonating a user, executing arbitrary code, and accessing the connected network.
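The DexGate findings above are all weaknesses that show up in a single HTTP response: a session cookie that can be replayed from the cookie header, traffic that travels in cleartext, a server banner that leaks what software is running, and missing defences against script injection and cross-site requests. The following script is an added example (not from the advisory, DEXMA or CISA) that audits a captured response for those classes of weakness. The two sample responses and the `audit_response` finding codes are constructed for illustration; nothing in it touches a device.

```python
"""Audit a captured HTTP/1.x response for the weakness classes named in
ICSA-23-271-02: cleartext transport, server version disclosure, a session
cookie without Secure/HttpOnly/SameSite, and no Content-Security-Policy.
Added example; the responses below are constructed, not captured from a DexGate."""
import re

# Constructed sample: what a weak web front-end might return over plain HTTP.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/1.2.3\r\n"
    "Set-Cookie: session=abc123; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>ok</body></html>"
)

# Constructed sample: the same application behind a TLS-terminating proxy that
# strips the version banner and hardens the session cookie.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: proxy\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>ok</body></html>"
)


def parse_headers(raw):
    """Split a raw response into (name, value) pairs, names lower-cased.
    Duplicates are kept because a response may set several cookies."""
    head, _, _body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_response(raw, scheme):
    """Return a sorted list of finding codes for one response.
    `scheme` is how the response was fetched ('http' or 'https')."""
    findings = set()
    headers = parse_headers(raw)
    # Cleartext Transmission of Sensitive Information: anything not over TLS.
    if scheme.lower() != "https":
        findings.add("cleartext-transport")
    for name, value in headers:
        # Exposure of Sensitive Information: a banner carrying a version number.
        if name == "server" and re.search(r"\d+\.\d+", value):
            findings.add("server-version-disclosure")
        # Improper Authentication / CSRF: cookie attributes that limit replay.
        if name == "set-cookie":
            attrs = {a.strip().split("=")[0].lower() for a in value.split(";")[1:]}
            if "secure" not in attrs:
                findings.add("cookie-missing-secure")
            if "httponly" not in attrs:
                findings.add("cookie-missing-httponly")
            if "samesite" not in attrs:
                findings.add("cookie-missing-samesite")
    # Cross-Site Scripting: no CSP to contain injected script.
    if not any(name == "content-security-policy" for name, _ in headers):
        findings.add("missing-csp")
    return sorted(findings)


if __name__ == "__main__":
    print("weak:", audit_response(WEAK_RESPONSE, "http"))
    print("hardened:", audit_response(HARDENED_RESPONSE, "https"))
```

A clean result from this check is not a patch; where the vendor has not coordinated a fix, as the advisory notes for DEXMA, the finding codes map directly onto the compensating controls that can be applied in front of the device (TLS termination, cookie hardening and header filtering at a reverse proxy) rather than on it.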

Mitigations:

  • Dexma has not responded to CISA’s requests to coordinate.
  • CISA recommends defensive measures such as network minimization, firewall usage, and secure remote access.
  • Proper impact analysis and risk assessment before deploying defenses are advised.
  • Additional guidance is available on the ICS webpage at cisa.gov/ics.

CISA also advises users to protect themselves from social engineering attacks.

Sector-Wise Impact:

  • Critical Infrastructure Sectors: Multiple
  • Countries/Areas Deployed: Worldwide

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA.

ICSA-23-143-02

Vulnerability Information:

Affected Products: The following versions of Hitachi Energy’s RTU500 Series Product are affected:

  • RTU500 series CMU Firmware: version 12.0.1 through 12.0.14
  • RTU500 series CMU Firmware: version 12.2.1 through 12.2.11
  • RTU500 series CMU Firmware: version 12.4.1 through 12.4.11
  • RTU500 series CMU Firmware: version 12.6.1 through 12.6.8
  • RTU500 series CMU Firmware: version 12.7.1 through 12.7.5
  • RTU500 series CMU Firmware: version 13.2.1 through 13.2.5
  • RTU500 series CMU Firmware: version 13.3.1 through 13.3.3
  • RTU500 series CMU Firmware: version 13.4.1
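With eight separate inclusive ranges, the practical first step for an asset owner is to check an RTU inventory against them, and the usual mistake is comparing version strings lexically (where "12.0.14" sorts before "12.0.9"). The script below is an added example, not Hitachi Energy or CISA code: it encodes the ranges exactly as listed above, compares versions numerically, and reports which assets fall inside an affected range. The inventory is constructed for illustration.

```python
"""Triage an RTU500 firmware inventory against the affected ranges in
ICSA-23-143-02. Added example; the ranges are copied from the advisory,
the inventory below is constructed."""

# Affected CMU firmware ranges as listed in the advisory (inclusive bounds).
AFFECTED_RANGES = [
    ("12.0.1", "12.0.14"),
    ("12.2.1", "12.2.11"),
    ("12.4.1", "12.4.11"),
    ("12.6.1", "12.6.8"),
    ("12.7.1", "12.7.5"),
    ("13.2.1", "13.2.5"),
    ("13.3.1", "13.3.3"),
    ("13.4.1", "13.4.1"),
]


def parse_version(text):
    """'12.0.14' -> (12, 0, 14). Tuples compare component by component, so
    12.0.14 > 12.0.9, which a string comparison gets wrong."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version, ranges=AFFECTED_RANGES):
    """True when `version` lies inside any listed inclusive range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)


def triage_inventory(inventory):
    """inventory: list of (asset_name, firmware_version).
    Returns the names of assets on an affected version, in input order."""
    return [name for name, version in inventory if is_affected(version)]


# Constructed sample inventory; the names and versions are illustrative.
SAMPLE_INVENTORY = [
    ("rtu-substation-a", "12.0.14"),  # last version of an affected range
    ("rtu-substation-b", "12.0.15"),  # one past the end of that range
    ("rtu-substation-c", "13.4.1"),   # single-version range
    ("rtu-substation-d", "13.4.2"),   # not listed
    ("rtu-substation-e", "12.3.1"),   # minor train not listed at all
]

if __name__ == "__main__":
    for name in triage_inventory(SAMPLE_INVENTORY):
        print("affected:", name)
```

Versions outside every range are reported as not affected only in the sense that the advisory does not list them; a version newer than any listed range still needs to be checked against the vendor's own release notes before it is treated as fixed.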

Vulnerability Overview:

  • Classic Buffer Overflow (CVE-2021-3711): Vulnerability affecting OpenSSL Version 1.0.2 with a CVSS of 9.8.
  • Infinite Loop (CVE-2022-0778): Vulnerability affecting OpenSSL version 1.0.2 with a CVSS of 7.5.
  • Out-Of-Bounds Read (CVE-2022-23937): Vulnerability affecting Wind River VxWorks version 6.9 with a CVSS of 7.5.
  • Type Confusion (CVE-2023-0286): Vulnerability related to X.400 address processing within an X.509 GeneralName with a CVSS of 7.4.
  • Out-Of-Bounds Read (CVE-2021-3712): Vulnerability affecting OpenSSL Version 1.0.2 with a CVSS of 7.4.

Risk Evaluation: Successful exploitation of these vulnerabilities could allow an attacker to crash the device being accessed or cause a denial-of-service condition.

Mitigations:

  • Hitachi Energy has released mitigations/fixes for CVE-2023-0286 and CVE-2022-4304.
  • General mitigation factors/workarounds are recommended for CVE-2022-23937, CVE-2022-0778, CVE-2021-3711, and CVE-2021-3712.
  • CISA provides detailed security advisories for reference.

Sector-Wise Impact:

  • Critical Infrastructure Sectors: Energy
  • Countries/Areas Deployed: Worldwide

No known public exploitation targeting these vulnerabilities has been reported to CISA at this time.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.